diff --git a/g10/delkey.c b/g10/delkey.c --- a/g10/delkey.c +++ b/g10/delkey.c @@ -116,6 +116,38 @@ return err; } +static int +confirm_deletion(ctrl_t ctrl, PKT_public_key *pk, int secret, int fingerprint) +{ + int yes = 0; + + if (opt.batch) + { + if (secret) + return fingerprint; + else + return opt.answer_yes || fingerprint; + } + + print_key_info (ctrl, NULL, 0, pk, secret); + tty_printf( "\n" ); + + yes = cpr_get_answer_is_yes (secret? "delete_key.secret.okay": "delete_key.okay", + _("Delete this key from the keyring? (y/N) ")); + + if (!cpr_enabled() && secret && yes) + { + /* I think it is not required to check a passphrase; if the + * user is so stupid as to let others access his secret + * keyring (and has no backup) - it is up him to read some + * very basic texts about security. */ + yes = cpr_get_answer_is_yes ("delete_key.secret.okay", + _("This is a secret key! - really delete? (y/N) ")); + } + + return yes; +} + /**************** * Delete a public or secret key from a keyring. * r_sec_avail will be set if a secret key is available and the public @@ -132,7 +164,6 @@ PKT_public_key *pk = NULL; u32 keyid[2]; int okay=0; - int yes; KEYDB_SEARCH_DESC desc; int exactmatch; @@ -208,30 +239,6 @@ log_error(_("can't do this in batch mode without \"--yes\"\n")); log_info (_("(unless you specify the key by fingerprint)\n")); } - else - { - print_key_info (ctrl, NULL, 0, pk, secret); - tty_printf( "\n" ); - - yes = cpr_get_answer_is_yes - (secret? "delete_key.secret.okay": "delete_key.okay", - _("Delete this key from the keyring? (y/N) ")); - - if (!cpr_enabled() && secret && yes) - { - /* I think it is not required to check a passphrase; if the - * user is so stupid as to let others access his secret - * keyring (and has no backup) - it is up him to read some - * very basic texts about security. */ - yes = cpr_get_answer_is_yes - ("delete_key.secret.okay", - _("This is a secret key! - really delete? (y/N) ")); - } - - if (yes) - okay++; - } - if (okay) { @@ -249,29 +256,34 @@ if (should_skip (&desc, node->pkt->pkt.public_key)) continue; - err = gpg_agent_delete_secret_key (ctrl, node->pkt->pkt.public_key); - - if (err == GPG_ERR_NO_SECKEY) - continue; /* No secret key for that public (sub)key. */ - - else if (err) + if (confirm_deletion (ctrl, node->pkt->pkt.public_key, secret, exactmatch)) { - if (gpg_err_code (err) == GPG_ERR_KEY_ON_CARD) - write_status_text (STATUS_DELETE_PROBLEM, "1"); - log_error (_("deleting secret %s failed: %s\n"), - (node->pkt->pkttype == PKT_PUBLIC_KEY - ? _("key"):_("subkey")), - gpg_strerror (err)); - if (!firsterr) - firsterr = err; - if (gpg_err_code (err) == GPG_ERR_CANCELED - || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) - { - write_status_error ("delete_key.secret", err); - break; - } + err = gpg_agent_delete_secret_key (ctrl, node->pkt->pkt.public_key); + + if (err == GPG_ERR_NO_SECKEY) + continue; /* No secret key for that public (sub)key. */ + + else if (err) + { + if (gpg_err_code (err) == GPG_ERR_KEY_ON_CARD) + write_status_text (STATUS_DELETE_PROBLEM, "1"); + + log_error (_("deleting secret %s failed: %s\n"), + (node->pkt->pkttype == PKT_PUBLIC_KEY + ? _("key") : _("subkey")), + gpg_strerror (err)); + + if (!firsterr) + firsterr = err; + + if (gpg_err_code (err) == GPG_ERR_CANCELED + || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + { + write_status_error ("delete_key.secret", err); + break; + } + } } - } err = firsterr; @@ -280,13 +292,16 @@ } else { - err = opt.dry_run? 0 : keydb_delete_keyblock (hd); - if (err) - { - log_error (_("deleting keyblock failed: %s\n"), - gpg_strerror (err)); - goto leave; - } + if (confirm_deletion (ctrl, pk, secret, exactmatch)) + { + err = opt.dry_run? 0 : keydb_delete_keyblock (hd); + if (err) + { + log_error (_("deleting keyblock failed: %s\n"), + gpg_strerror (err)); + goto leave; + } + } } /* Note that the ownertrust being cleared will trigger a